DevOps pace may be too fast for security
Palo Alto Networks survey shows developers concerned security can't keep pace with DevOps
The adoption of DevOps using cloud may mean that organisations are trading speed of development for security, according to a study commission by Palo Alto Networks.
Nearly three-quarters (72% of European and Middle East cybersecurity professionals at organisations using DevOps practices in the public cloud believe that the speed of public cloud adoption is introducing preventable security risks to software updates.
The DevOps model increases collaboration between development and operations teams, allowing for a fast-paced approach to application creation and enhancement. Organisations have adopted this model to achieve faster application delivery, enhanced innovation, more stable operating environments, and performance-focused employee teams.
However, many of the survey respondents felt that the approach is encouraging cybersecurity to be overlooked in favour of speed-to-market. Only 47% of survey respondents indicated that they are confident that cybersecurity is working well for DevOps teams operating in the public cloud. Only 22% of cybersecurity professionals said they had a firm grasp on the risks and needs that come with securing DevOps-operated environments in the cloud.
Seventy-three percent of respondents said their organisations have fully or partially adopted DevOps using public cloud, with one in five making updates on a weekly basis or more frequently.
As Greg Day, vice president and CSO for EMEA at Palo Alto Networks, explains: "DevOps is proven to deliver strong results. Rapid delivery of code, infrastructure and data enables organisations to meet the needs of their customers faster than ever and stay ahead of their competition. However, too often, the speed and complexity of delivery has resulted in traditional cybersecurity processes failing to complete even rudimentary checks and controls at the same rapid pace, resulting in unnecessary risks. Indeed, we see over half failing to meet basic password management policies. Organisations won't wait for security teams to catch up, so they must leverage native integration points and automate their cybersecurity capabilities to address the continuous and real-time visibility and governance needed to keep pace with DevOps practices."
Palo Alto says that its Security Operating Platform enables organisations to confidently deploy applications in the cloud by preventing data loss and business disruption. Palo Alto Networks customers operating in hybrid and multi-cloud environments benefit from a comprehensive and consistent security offering that integrates directly with cloud platforms.